-
Notifications
You must be signed in to change notification settings - Fork 510
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add top-level README #205
Add top-level README #205
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One concern:
This push mentions the security policy explicitly rather than leaving it to the issue selector. |
One thing I'm not sure about is the links -- GitHub automatically transforms certain links in certain ways. I tried my best, but I can't be 100% sure they're all correct before the README is live. We may have to change some URLs to be absolute, and remember to change them from "PRIVATE-thar" when we open the repo. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎉
|
||
### Security | ||
|
||
We use [dm-verity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity) to load a verified read-only root filesystem, preventing some classes of persistent security threats. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not happy with the "preventing" clause here - we may just want to omit it for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It felt extremely sparse with no explanation of dm-verity's benefit, so I tried to come up with something. Can you suggest an improvement, or would you prefer I remove this paragraph entirely? (And then the Security section would be too slim, so I'd probably remove the whole thing.)
This push addresses some of the concerns from @bcressey's review. |
This push addresses some final comments from bcressey; discussed changes with him offline. |
Addresses one bullet of #189.
TIP: Click the "rich diff" button when you look at the diff; it's at the top right of the file. That'll render the Markdown.
This adds a README to the root of the repo. It pulls from some existing documents, but tweaks the content, and there's also a lot of new stuff; it generally represents the type of information I think is critical at a first glance, while linking to a lot of more detailed docs.
I tried to be neither too chummy nor too technical, but approachable, and to give someone a sense of whether they care to keep going.
It's definitely not finished, in that we have more components to write and describe here, and we need others to review it for style and approval.
(I added everyone to the reviewer list because I think this is a critical doc, and I'd like everyone to see it, but I don't think we want a super-detailed (uh... tjkirch-style) review, because this will still go through a lot before release... 🙈 🙉 🙊)